#Added– SARIF File Generation: Pro users can now generate and download SARIF (Static Analysis Results Interchange Format) files, so findings can be imported directly into other SAST providers and security tools that consume SARIF.
#Added– Implemented XGBoost feature caching for Missing Access Control detection, reducing detector runtime by ~80%
#Added– Added loading indicators throughout the platform to ensure data availability before user actions
#Added– Deployed robust frontend Sentry integration for improved bug identification and tracking
#Changed– Rolled out enhanced CI/CD guarantees on our core detectors with rigorous typechecking and code quality standards (mypy + ruff) to maintain long-term velocity and stability
#Changed– Reduced frontend bundle size dramatically with improved chunking, resulting in faster load times and enhanced performance
#Changed– Optimized Docker layer caching and test parallelization, reducing average deployment times for detectors from 15 minutes to 8 minutes, enabling faster value delivery and shorter incident response times
#Changed– Improved memory management, reducing detector memory usage by ~40%
#Changed– Migrated detectors from requirements.txt to pyproject.toml, enabling cleaner separation of dev dependencies and reducing deployed bundle size and attack surface
#Removed– Fully removed personal teams and completed comprehensive code cleanup, completely eliminating several race-condition-related signup bugs
#Security– DoS Unbounded Loop Detection: Loops whose iteration count is not bounded at compile time (for example, over an array that callers can grow) can exceed the block gas limit and leave a function permanently uncallable, a denial-of-service against the whole protocol. We've reduced false positives by correctly handling hardcoded loop bounds below a reasonable threshold, especially for loops that make external contract calls.
#Security– Zero Address Transfer Protection: Most contracts should revert on transfers to the zero address to protect protocol and user funds. Our detectors now resolve variables back to their origin and no longer flag recipients that can never be the zero address (e.g., msg.sender, which is never address(0)).
#Security– Missing Reentrancy Protection: Reentrancy, the classic smart contract vulnerability in which an external call lets the callee re-enter the calling contract before it has updated its state, is now detected with significantly hardened capabilities. We've improved both false positive reduction (by fully exploring the call graph and respecting callsite
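As an added example of the call-graph exploration the Missing Reentrancy Protection entry refers to (not the platform's detector code), the following Python walks each public entry point with internal callees inlined at their call site and reports a state write that follows an external call on that path, unless the entry point carries a reentrancy guard. The operation tuples, the `Fn` model, the `non_reentrant` flag and the sample contract are assumptions constructed for illustration, and the model is deliberately simplified: it tracks only writes inside the entry point being analysed, not cross-function reentrancy through other entry points.

```python
"""Toy reentrancy detector over a simplified function IR.

Added example, not the platform's detector. The IR (ops as tuples), Fn and
SAMPLE below are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Set, Tuple

# Supported ops: ("read", var), ("write", var), ("ext_call",), ("call", callee)


@dataclass(frozen=True)
class Fn:
    name: str
    body: tuple
    public: bool = False          # externally callable entry point
    non_reentrant: bool = False   # e.g. an OpenZeppelin-style nonReentrant modifier


Finding = Tuple[str, str]  # (entry point, state variable written after an external call)


def _walk(fns: Dict[str, Fn], name: str, after_ext: bool,
          stack: List[str], hits: Set[str]) -> bool:
    """Inline `name` at its call site. Returns whether an external call has
    happened by the time the callee returns; records unsafe writes in `hits`."""
    if name in stack:
        # Recursive call already on this path: nothing new to learn.
        return after_ext
    stack.append(name)
    for op in fns[name].body:
        kind = op[0]
        if kind == "ext_call":
            after_ext = True
        elif kind == "write" and after_ext:
            # State mutated after control may have left the contract.
            hits.add(op[1])
        elif kind == "call":
            after_ext = _walk(fns, op[1], after_ext, stack, hits)
    stack.pop()
    return after_ext


def find_reentrancy(functions: Sequence[Fn]) -> List[Finding]:
    """Report (entry point, variable) pairs where an unguarded public function
    writes state after an external call reachable through its call graph."""
    fns = {f.name: f for f in functions}
    findings: List[Finding] = []
    for f in functions:
        if not f.public or f.non_reentrant:
            continue
        hits: Set[str] = set()
        _walk(fns, f.name, False, [], hits)
        findings.extend((f.name, var) for var in sorted(hits))
    return findings


# Constructed sample contract (names and layout are assumptions).
SAMPLE = [
    Fn("_send", (("ext_call",),)),
    # Vulnerable: balances updated after the external call made inside _send.
    Fn("withdraw", (("read", "balances"), ("call", "_send"), ("write", "balances")),
       public=True),
    # Checks-effects-interactions: write happens before the external call.
    Fn("withdrawCEI", (("read", "balances"), ("write", "balances"), ("call", "_send")),
       public=True),
    # Same ordering as withdraw but guarded, so it is not reported.
    Fn("withdrawGuarded", (("read", "balances"), ("call", "_send"), ("write", "balances")),
       public=True, non_reentrant=True),
    # Recursive helper: the walk must terminate and still see the external call.
    Fn("_loop", (("call", "_loop"), ("ext_call",))),
    Fn("drain", (("call", "_loop"), ("write", "totalSupply")), public=True),
]

if __name__ == "__main__":
    for entry, var in find_reentrancy(SAMPLE):
        print(f"{entry}: '{var}' written after an external call")
```

The point of inlining at the call site rather than summarising each callee in isolation is visible in `withdraw`: the external call lives in `_send`, the unsafe write lives in the caller, and only a walk that carries "an external call has already happened" across the call boundary connects the two. Keeping a path stack makes the walk terminate on recursion without losing the external call that `_loop` performs.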